Folks,
SecPod Research Team member (Sooraj K.S) found an XSS flaw in ZeusCart Ecommerce Shopping Cart, which can be used to gain sensitive information and launch further attacks. The flaw lies in the search parameter while ZeusCart web app processes the user-supplied input and renders the content back to the client’s browser. The flaw can be exploited to inject arbitrary HTML codes and steal cookies and so on. (more…)

MS09-050 addresses the much talked about SMB2 Negotiation vulnerability. A crafted SMB packet could crash the Windows Vista/2008 systems with…

OpenVAS plugins for Microsoft Security Bulletins - July 2009 are now available in the SVN repository. The plugins can be…

The news…

Passing the 10000th Network Vulnerability Test (NVT) is a perfect occasion to report about the progress of the OpenVAS project[1].

In October 2008 the systematic development of new NVTs started with a base of around 5800 Tests. With the release of OpenVAS 2.0 in December 2008, the development was boosted and has now reached an average of 10 code updates per day.  The public OpenVAS NVT Feed Service delivers 3-10 new vulnerability tests every day. (more…)

OpenVAS plugins for Microsoft Bulletins - April 2009 are now available in OpenVAS. Update your OpenVAS plugins by running openvas-nvt-sync…

Conficker worm variants A, B and C are dependent on vulnerability in Microsoft server service. Microsoft had released an advisory MS08-067 back in October 2008 to address the above vulnerability. As was expected at that time, number of attacks are spreading, major one being Conficker worm via the conficker malware. Therefore, use a Vulnerability Management Tool to prevent these attacks.

We have plugins for OpenVAS,
900055 – secpod_ms08-067_900055.nasl
900056 – secpod_ms08-067_900056.nasl (more…)

Introduction

In the arena of computer security and exploitation world, we come across many security tools. Some of them are quite useful; for some, you have to plug them in and out in a few days. However, the antivirus company F-Secure developed an application called Exploit Shield, which is mainly prioritizing for giving dynamic protection to Zero-Day vulnerabilities. I won’t go that much of a deep analysis of its internal mechanism but I will be discussing an overview of this tool, how this works etc., in the next phase. A good vulnerability management tool can also assist in maintaining a secure environment.

(more…)

Antivirus XP 2008 Be careful with what you click! This Trojan makes you believe that there are viruses/worms in your…

Any message that appears to have come from a friend in the network is trusted by default. By this nature,…

With the release of latest DNS Cache poisoning attack, DNSSEC is gaining some attention. As it is supposed to provide…